CrypBoss is a family of ransomware that includes the HydraCrypt and UmbreCrypt variants. This family targets Windows OS and is distributed via the Angler Exploit Kit. They all delete Shadow Volume Copies to prevent file restoration and use AES encryption to lock victims’ files. Differences include appended file extensions (.hydracrypt_ID_[8 random characters] and .umbrecrypt_ID_[victim_id]) and the way in which the ransom notes are written. HydraCrypt threatens to release victims’ private data on the Dark Web.

  • Emsisoft offers a decryption tool for files encrypted by HydraCrypt and UmbreCrypt, available here. Instructions on how to use the tool are available here.
  • MakeUseOf provides more information about the CrypBoss family of ransomware, available here.